CVE-2024-34987 — SQL Injection in Online Fire Reporting System

CWE-89 — SQL Injection3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.0%

top 89.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Fire Reporting System

Timeline

PublishedJun 3

Description

A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDphpgurukul/online_fire_reporting_system1.2

🔴Vulnerability Details

GHSA

GHSA-74jr-x2w7-635g: A SQL Injection vulnerability exists in the `ofrs/admin/index↗2024-06-03

▶

CVEList

CVE-2024-34987: A SQL Injection vulnerability exists in the `ofrs/admin/index↗2024-06-03

▶